INFORMATION SECURITY POLICY

In the units covered by the Information Security Management System, which provides the infrastructure for the processes used and the information processed from the very beginning to the very end of the guest experience, Limak International Hotels & Resort has committed to establishing, implementing, reviewing the effectiveness of, and continuously improving the Information Security Management System; providing the resources necessary to achieve the objectives of the Information Security Management System; and complying with legal and other requirements. It is aware that the confidentiality, integrity, and availability criteria of information must be controlled during the storage, transmission, modification, access, and processing of our information assets, the locations where our information assets are available, and our activities, in order to ensure the security of these assets.

In this context, Limak International Hotels & Resort management has the following responsibilities;

• To inform all our employees of this policy and to provide the necessary resources, training, and leadership for the implementation of the policy,
• In the management of the Information Security Management System; to comply with laws, the TS EN ISO/IEC 27001:2022 Information Security Management System standard, contracts, and our policies and procedures,
• To protect information and information assets, identify the risks at specific intervals and manage them by taking the necessary actions,
• To prepare business continuity plans and test these plans to ensure that operations and responsibilities to stakeholders are not interrupted in the event of any adverse circumstances,
• To take the necessary technical and administrative measures and implement sanctions regarding information security breaches,
• To raise awareness among internal and external stakeholders about the importance of information by maintaining a high level of information security awareness, communicating relevant obligations, and encouraging their implementation,
• To continuously improve the Information Security Management System and ensure its effectiveness, conduct internal audits and review and evaluate the results of these audits as management, and ensure that a process control system based on the principle of separation of duties is established.